diff --git a/CVE-2020-9986/OFReadKeys/OFFetchReports/OfflineFinder.entitlements b/CVE-2020-9986/OFReadKeys/OFFetchReports/OFFetchReports.entitlements similarity index 100% rename from CVE-2020-9986/OFReadKeys/OFFetchReports/OfflineFinder.entitlements rename to CVE-2020-9986/OFReadKeys/OFFetchReports/OFFetchReports.entitlements diff --git a/CVE-2020-9986/OFReadKeys/OFFetchReports/ReportsFetcher/ReportsFetcher.m b/CVE-2020-9986/OFReadKeys/OFFetchReports/ReportsFetcher/ReportsFetcher.m index 74c5b0c..ab60e92 100755 --- a/CVE-2020-9986/OFReadKeys/OFFetchReports/ReportsFetcher/ReportsFetcher.m +++ b/CVE-2020-9986/OFReadKeys/OFFetchReports/ReportsFetcher/ReportsFetcher.m @@ -10,11 +10,7 @@ #import -#if ACCESSORY -#import "OpenHaystack-Swift.h" -#else #import "OFFetchReports-Swift.h" -#endif @implementation ReportsFetcher diff --git a/CVE-2020-9986/OFReadKeys/OFReadKeys.xcodeproj/project.pbxproj b/CVE-2020-9986/OFReadKeys/OFReadKeys.xcodeproj/project.pbxproj index 017efe5..d79bfe3 100644 --- a/CVE-2020-9986/OFReadKeys/OFReadKeys.xcodeproj/project.pbxproj +++ b/CVE-2020-9986/OFReadKeys/OFReadKeys.xcodeproj/project.pbxproj @@ -11,7 +11,7 @@ isa = PBXAggregateTarget; buildConfigurationList = 782AC6C525F0E2D200554BF4 /* Build configuration list for PBXAggregateTarget "Run OFFetchReports" */; buildPhases = ( - 782AC6C825F0E2DC00554BF4 /* Codesign Offline Finder with Entitlements */, + 782AC6C825F0E2DC00554BF4 /* Codesign App with Entitlements */, ); dependencies = ( 782AC6CA25F0E2EB00554BF4 /* PBXTargetDependency */, @@ -78,7 +78,7 @@ 782AC6AC25F0DF3100554BF4 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 782AC6B125F0DF7C00554BF4 /* OFFetchReportsMainView.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = OFFetchReportsMainView.swift; sourceTree = ""; }; 782AC6B225F0DF7C00554BF4 /* MapView.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = MapView.swift; sourceTree = ""; }; - 782AC6B525F0DFF200554BF4 /* OfflineFinder.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.entitlements; path = OfflineFinder.entitlements; sourceTree = ""; }; + 782AC6B525F0DFF200554BF4 /* OFFetchReports.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.entitlements; path = OFFetchReports.entitlements; sourceTree = ""; }; 782AC6B625F0DFF200554BF4 /* SavePanel.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SavePanel.swift; sourceTree = ""; }; 782AC6B725F0DFF200554BF4 /* MapViewController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = MapViewController.swift; sourceTree = ""; }; 782AC6B825F0DFF200554BF4 /* MapViewController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = MapViewController.xib; sourceTree = ""; }; @@ -172,7 +172,7 @@ 782AC6A025F0DF3000554BF4 /* AppDelegate.swift */, 782AC6B725F0DFF200554BF4 /* MapViewController.swift */, 782AC6B825F0DFF200554BF4 /* MapViewController.xib */, - 782AC6B525F0DFF200554BF4 /* OfflineFinder.entitlements */, + 782AC6B525F0DFF200554BF4 /* OFFetchReports.entitlements */, 782AC6B625F0DFF200554BF4 /* SavePanel.swift */, 782AC6A425F0DF3100554BF4 /* Assets.xcassets */, 782AC6A925F0DF3100554BF4 /* Main.storyboard */, @@ -353,7 +353,7 @@ shellPath = /bin/sh; shellScript = "if which swiftlint >/dev/null; then\n swiftlint autocorrect && swiftlint\nelse\n echo \"warning: SwiftLint not installed, download from https://github.com/realm/SwiftLint\"\nfi\n"; }; - 782AC6C825F0E2DC00554BF4 /* Codesign Offline Finder with Entitlements */ = { + 782AC6C825F0E2DC00554BF4 /* Codesign App with Entitlements */ = { isa = PBXShellScriptBuildPhase; buildActionMask = 2147483647; files = ( @@ -362,14 +362,14 @@ ); inputPaths = ( ); - name = "Codesign Offline Finder with Entitlements"; + name = "Codesign App with Entitlements"; outputFileListPaths = ( ); outputPaths = ( ); runOnlyForDeploymentPostprocessing = 0; shellPath = /bin/sh; - shellScript = "#bin/sh\nidentities=$(security find-identity -p codesigning -v)\n#echo \"${identities}\"\npat=' ([0-9ABCDEF]+) '\n[[ $identities =~ $pat ]]\n# Can be set to a codesign identity manually\nIDT=\"${BASH_REMATCH[1]}\"\nif [ -z ${IDT+x} ]; then\n echo \"error: Please set the codesigning identity above. \\nThe identity can be found with $ security find-identities -v -p codesigning\"\nelse\n codesign --entitlements ${SRCROOT}/OFFetchReports/OfflineFinder.entitlements -fs ${IDT} ${TARGET_BUILD_DIR}/OFFetchReports.app/Contents/MacOS/OFFetchReports\n echo \"warning: This app will only run on macOS systems with SIP & AMFI disabled. This should only be done on dedicated test systems\"\nfi\n"; + shellScript = "#bin/sh\nidentities=$(security find-identity -p codesigning -v)\n#echo \"${identities}\"\npat=' ([0-9ABCDEF]+) '\n[[ $identities =~ $pat ]]\n# Can be set to a codesign identity manually\nIDT=\"${BASH_REMATCH[1]}\"\nif [ -z ${IDT+x} ]; then\n echo \"error: Please set the codesigning identity above. \\nThe identity can be found with $ security find-identities -v -p codesigning\"\nelse\n codesign --entitlements ${SRCROOT}/OFFetchReports/OFFetchReports.entitlements -fs ${IDT} ${TARGET_BUILD_DIR}/OFFetchReports.app/Contents/MacOS/OFFetchReports\n echo \"warning: This app will only run on macOS systems with SIP & AMFI disabled. This should only be done on dedicated test systems\"\nfi\n"; }; 78FFC97C25EE98680062F878 /* SwiftLint */ = { isa = PBXShellScriptBuildPhase; @@ -620,8 +620,7 @@ ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; - CODE_SIGN_ENTITLEMENTS = OFFetchReports/OFFetchReports.entitlements; - CODE_SIGN_STYLE = Automatic; + CODE_SIGN_STYLE = Manual; COMBINE_HIDPI_IMAGES = YES; DEVELOPMENT_ASSET_PATHS = "\"OFFetchReports/Preview Content\""; ENABLE_PREVIEWS = YES; @@ -644,8 +643,7 @@ ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; - CODE_SIGN_ENTITLEMENTS = OFFetchReports/OFFetchReports.entitlements; - CODE_SIGN_STYLE = Automatic; + CODE_SIGN_STYLE = Manual; COMBINE_HIDPI_IMAGES = YES; DEVELOPMENT_ASSET_PATHS = "\"OFFetchReports/Preview Content\""; ENABLE_PREVIEWS = YES; diff --git a/OpenHaystack/OpenHaystack.xcodeproj/project.pbxproj b/OpenHaystack/OpenHaystack.xcodeproj/project.pbxproj index 9729c51..4ca4eba 100644 --- a/OpenHaystack/OpenHaystack.xcodeproj/project.pbxproj +++ b/OpenHaystack/OpenHaystack.xcodeproj/project.pbxproj @@ -97,7 +97,6 @@ 024D98482490CE320063EBB6 /* BoringSSL.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = BoringSSL.m; sourceTree = ""; }; 025DFEDB248FED250039C718 /* DecryptReports.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DecryptReports.swift; sourceTree = ""; }; 0298C0C8248F9506003928FE /* AuthKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AuthKit.framework; path = ../../../../../../../../../../System/Library/PrivateFrameworks/AuthKit.framework; sourceTree = ""; }; - 0298C0CC248FA9BB003928FE /* OfflineFinder.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = OfflineFinder.entitlements; sourceTree = ""; }; 116B4EEC24A913AA007BA636 /* SavePanel.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SavePanel.swift; sourceTree = ""; }; 78014A2725DC01220089F6D9 /* MicrobitController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MicrobitController.swift; sourceTree = ""; }; 78014A2A25DC22110089F6D9 /* sample.bin */ = {isa = PBXFileReference; lastKnownFileType = archive.macbinary; path = sample.bin; sourceTree = ""; }; @@ -220,7 +219,6 @@ 78108B73248E8FB80007E9C4 /* Assets.xcassets */, 78108B78248E8FB80007E9C4 /* Main.storyboard */, 78108B7B248E8FB80007E9C4 /* Info.plist */, - 0298C0CC248FA9BB003928FE /* OfflineFinder.entitlements */, 78108B75248E8FB80007E9C4 /* Preview Content */, ); path = OpenHaystack; @@ -730,7 +728,6 @@ buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; CLANG_ENABLE_MODULES = YES; - CODE_SIGN_ENTITLEMENTS = ""; CODE_SIGN_IDENTITY = "-"; CODE_SIGN_STYLE = Manual; COMBINE_HIDPI_IMAGES = YES; @@ -745,11 +742,6 @@ "@executable_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; - OTHER_CFLAGS = ( - "-DACCESSORY", - "-DAUTHKIT", - ); - OTHER_SWIFT_FLAGS = "-DACCESSORY"; PRODUCT_BUNDLE_IDENTIFIER = "de.tu-darmstadt.seemoo.OpenHaystack"; PRODUCT_NAME = "$(TARGET_NAME)"; PROVISIONING_PROFILE_SPECIFIER = ""; @@ -763,7 +755,6 @@ buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; CLANG_ENABLE_MODULES = YES; - CODE_SIGN_ENTITLEMENTS = ""; CODE_SIGN_IDENTITY = "-"; CODE_SIGN_STYLE = Manual; COMBINE_HIDPI_IMAGES = YES; @@ -778,11 +769,6 @@ "@executable_path/../Frameworks", ); MACOSX_DEPLOYMENT_TARGET = 11.0; - OTHER_CFLAGS = ( - "-DACCESSORY", - "-DAUTHKIT", - ); - OTHER_SWIFT_FLAGS = "-DACCESSORY"; PRODUCT_BUNDLE_IDENTIFIER = "de.tu-darmstadt.seemoo.OpenHaystack"; PRODUCT_NAME = "$(TARGET_NAME)"; PROVISIONING_PROFILE_SPECIFIER = ""; diff --git a/OpenHaystack/OpenHaystack.xcodeproj/xcshareddata/xcschemes/OFFetchReports.xcscheme b/OpenHaystack/OpenHaystack.xcodeproj/xcshareddata/xcschemes/OFFetchReports.xcscheme deleted file mode 100644 index 222a23b..0000000 --- a/OpenHaystack/OpenHaystack.xcodeproj/xcshareddata/xcschemes/OFFetchReports.xcscheme +++ /dev/null @@ -1,78 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/OpenHaystack/OpenHaystack.xcodeproj/xcshareddata/xcschemes/Run OFFetchReports.xcscheme b/OpenHaystack/OpenHaystack.xcodeproj/xcshareddata/xcschemes/Run OFFetchReports.xcscheme deleted file mode 100644 index 70c045f..0000000 --- a/OpenHaystack/OpenHaystack.xcodeproj/xcshareddata/xcschemes/Run OFFetchReports.xcscheme +++ /dev/null @@ -1,77 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/OpenHaystack/OpenHaystack/OfflineFinder.entitlements b/OpenHaystack/OpenHaystack/OfflineFinder.entitlements deleted file mode 100755 index 18c2b68..0000000 --- a/OpenHaystack/OpenHaystack/OfflineFinder.entitlements +++ /dev/null @@ -1,14 +0,0 @@ - - - - - com.apple.security.get-task-allow - - com.apple.authkit.client.private - - com.apple.private.accounts.allaccounts - - com.apple.security.network.client - - - diff --git a/OpenHaystack/OpenHaystack/ReportsFetcher/ReportsFetcher.m b/OpenHaystack/OpenHaystack/ReportsFetcher/ReportsFetcher.m index 52b82ca..ff41e88 100755 --- a/OpenHaystack/OpenHaystack/ReportsFetcher/ReportsFetcher.m +++ b/OpenHaystack/OpenHaystack/ReportsFetcher/ReportsFetcher.m @@ -10,11 +10,7 @@ #import -#if ACCESSORY #import "OpenHaystack-Swift.h" -#else -#import "OFFetchReports-Swift.h" -#endif @implementation ReportsFetcher diff --git a/README.Reproducibility.md b/README.Reproducibility.md index 6043b24..a3ecd63 100644 --- a/README.Reproducibility.md +++ b/README.Reproducibility.md @@ -57,7 +57,6 @@ The attacker machine needs to have system integrity protection (SIP) and AMFI ** #### Fetching reports -9. Open the Xcode project in [OpenHaystack](OpenHaystack). -10. Run the _Run OFFetchReports_ target. -11. Import the exported key file via drag and drop. -12. Watch _OFFetchReports_ downloading and decrypting the location reports. +9. Run the _Run OFFetchReports_ target. +10. Import the exported key file via drag and drop. +11. Watch _OFFetchReports_ downloading and decrypting the location reports.